The present invention relates to networks, and more particularly to data-centric monitoring of compliance of applications.
This section is intended to provide a background or context to the invention disclosed below. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived, implemented or described. Therefore, unless otherwise explicitly indicated herein, what is described in this section is not prior art to the description in this application and is not admitted to be prior art by inclusion in this section. Abbreviations that may be found in the specification and/or the drawing figures are defined below, after the detailed description section.
Existing compliance monitoring systems focus on IT events. For instance, one common monitoring system is intrusion detection, which is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, such as violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Another example is log analysis for intrusion detection, which is the process used to detect attacks on a specific environment using logs as the primary source of information.
Meanwhile, regulatory compliance requirements focus on data protection and privacy. For instance, the Health Insurance Portability and Accountability Act (HIPAA) regulation impacts those in healthcare who exchange patient information electronically. HIPAA regulations were established to protect the integrity and security of health information, including protecting against unauthorized use or disclosure of the information. For HIPAA, a security management process must exist in order to protect against “attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations”.
Other laws and rules, such as the Family Educational Rights and Privacy Act (FERPA), also impose compliance requirements that information be protected. These compliance requirements are currently being met by focusing on IT events.
For a distributed system, IT events (such as a privileged user login) on one component of the system (e.g., a component holding keys) may affect the protection of data on another component of the system (e.g., a component holding encrypted data that can be decrypted using the keys). A system that focuses solely on IT events may not be able to capture such relationships. This is especially so because the privileged user login might not be an IT event that would be considered an intrusion or other insecure network access, and there may not be anything that links the login on one component to the data on another component.